Techdirt. Stories filed under "messaging"Easily digestible tech news...https://www.techdirt.com/
en-usTechdirt. Stories filed under "messaging"https://ii.techdirt.com/s/t/i/td-88x31.gifhttps://www.techdirt.com/Wed, 2 Nov 2016 16:31:03 PDTThai Government Demands Popular Chat App Reveal Any Time Any User Insults The KingMike Masnickhttps://www.techdirt.com/articles/20161101/23484535940/thai-government-demands-popular-chat-app-reveal-any-time-any-user-insults-king.shtml
https://www.techdirt.com/articles/20161101/23484535940/thai-government-demands-popular-chat-app-reveal-any-time-any-user-insults-king.shtmltrue end-to-end encryption. Earlier this year, the company made end-to-end encrypted chats the default, rather than as a user option (Thank you Snowden!).

Good timing. The company has apparently now refused to obey a Thai government demand that it alert the government to anyone insulting the Thai royal family on the messaging app. For years, we've written about Thailand's ridiculous lese majeste laws, which make it a crime to insult the king. As we've noted, the law is used as a way to censor and crack down on political opponents. And, of course, with the death of the Thai king last month, there's been a sudden uptick in Thai officials going after people for supposed lese majeste violations.

But Line is telling the government that it just can't help out here.

"We do not monitor or block user content. User content is also encrypted, and cannot be viewed by LINE," the statement sent to DPA said.

Of course, there's been some controversy in the past over this. Back in 2014, Thailand announced that it was instituting a broad surveillance program to snoop on basically all internet communications for the sake of seeking out and punishing lese majeste violators. A few months later, Thai government officials flat out claimed that this included monitoring Line messages, something that the company flat out denied (though, that may have also inspired the move to encryption). While Thai officials have, at times, even claimed the ability to read encrypted messages, it seemed like that was just idle boasting, rather than a legitimate revelation of surveillance capabilities.

There is one oddity about Line's response to the Thai government, though:

"We ask the authorities seeking to obtain user data to make official requests through diplomatic channels and have so advised the Thai authorities," LINE added.

So, uh, if the messages are all end-to-end encrypted and there's no way for Line to access them to share with any government, why is it asking the Thai government to use diplomatic channels to make an official request?

Permalink | Comments | Email This Story
]]>encrypted-chats-are-importanthttps://www.techdirt.com/comment_rss.php?sid=20161101/23484535940Tue, 30 Aug 2016 11:52:10 PDTPrivacy Groups File FTC Complaint Over Whatsapp Facebook Privacy 'Bait And Switch'Karl Bodehttps://www.techdirt.com/articles/20160830/08055735389/privacy-groups-file-ftc-complaint-over-whatsapp-facebook-privacy-bait-switch.shtml
https://www.techdirt.com/articles/20160830/08055735389/privacy-groups-file-ftc-complaint-over-whatsapp-facebook-privacy-bait-switch.shtmlblog post promising to "set the record straight" about the acquisition, while debunking all of the "inaccurate and careless information" being circulated online. In it, co-founder Jan Koum promised that the app, which has tried to build a reputation on respecting user privacy, would keep privacy at the heart of its operations under Facebook. Privacy was, Koum promised, simply "coded into our DNA":

"Respect for your privacy is coded into our DNA, and we built WhatsApp around the goal of knowing as little about you as possible: You don't have to give us your name and we don't ask for your email address. We don’t know your birthday. We don’t know your home address. We don’t know where you work. We don’t know your likes, what you search for on the internet or collect your GPS location. None of that data has ever been collected and stored by WhatsApp, and we really have no plans to change that."

That was then, this is now.

Last week, the company announced in a new blog post that it would soon begin sharing Whatsapp user phone numbers and various analytics data with Facebook. While this is obviously about money, the company's blog post repeatedly insisted the move was about helping the end user avoid spam and make stronger, deeper connections with friends:

"But by coordinating more with Facebook, we'll be able to do things like track basic metrics about how often people use our services and better fight spam on WhatsApp. And by connecting your phone number with Facebook's systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them. For example, you might see an ad from a company you already work with, rather than one from someone you've never heard of."

As expected, EPIC and the Center for Digital Democracy have filed a formal complaint with the FTC (pdf), accusing Facebook of violating Section 5 of the Federal Trade Commission Act. In public statements, both organizations accuse Facebook and Whatsapp of a "bait and switch" on previous promises that user information would not be used for marketing across the Facebook social media empire:

"The FTC has an obligation to protect WhatsApp users. Their personal information should not be incorporated into Facebook’s sophisticated data driven marketing business,” said Katharina Kopp, Ph.D., and CDD’s Director of Policy. “Data that was collected under clear rules should not be used in violation of the privacy promises that WhatsApp made. That is a significant change that requires an opt-in, according to the terms the FTC set out. It’s not complicated. If WhatsApp wants to transfer user data to Facebook, it has to obtain the user’s affirmative consent."

Whatsapp users looking to opt out of data collection within the 30 day warning window simply have to uncheck the "share my account info" box before accepting WhatsApp's newly updated terms and conditions. Users who accidentally approved the new TOS still have several weeks to uncheck this same box by clicking on "settings," "account," then unchecking the same "share my account info" box. Granted the Whatsapp opt out instructions note that even after doing this you're still not entirely opted out of having this data shared with the "Facebook family of companies":

"The Facebook family of companies will still receive and use this information for other purposes such as improving infrastructure and delivery systems, understanding how our services or theirs are used, securing systems, and fighting spam, abuse, or infringement activities."

It seems unlikely that the EPIC and CDD complaints gain much traction. Fortunately, unlike sectors like telecom, users here aren't stuck waiting on regulators since they already have the choice of alternative, open source (and frankly already more secure) encrypted messaging options.

Permalink | Comments | Email This Story
]]>privacy-schmivacyhttps://www.techdirt.com/comment_rss.php?sid=20160830/08055735389Wed, 3 Aug 2016 16:07:31 PDTThe Rise Of More Secure Alternatives To Everyone's Favorite Chat App, SlackMike Masnickhttps://www.techdirt.com/articles/20160729/17552135109/rise-more-secure-alternatives-to-everyones-favorite-chat-app-slack.shtml
https://www.techdirt.com/articles/20160729/17552135109/rise-more-secure-alternatives-to-everyones-favorite-chat-app-slack.shtmlSlack here. While we saw some folks claim it was revolutionary, we found it to be a nice, but somewhat marginal, upgrade to our previous use of Skype chat rooms. But, over time, it has certainly gotten comfortable, and there have been some nice feature add-ons and integrations that have made it a pretty cool service overall -- though if you really want to use it to its fullest extent and switch to the paid version, it can get pretty pricey, pretty quickly. I also am in a bunch of other group Slack chats, as it's basically become the platform of choice for group discussions.

However, in these days where hacked emails are in the headlines, I can see why some might get nervous about using a tool like Slack. Not that there have been any known breaches of Slack that I'm aware of, and I'm sure that the company takes security very seriously (it would undermine its entire business if it failed on that front...), it's been interesting to see other options start to pop up, which might be more appetizing for those who are extra security conscious.

Just as we've been encouraged to see greater use of encryption on mobile phones, email and on websites, it's good to see new entrants trying to take on Slack with a focus on security and privacy. The most recent, and perhaps most interesting, player in the space is SpiderOak, which recently launched its Semaphor Slack competitor on the market. I've been playing around with it -- and while it's early on, it certainly has potential. SpiderOak is the company you should already know of that provides an encrypted "zero knowledge" cloud backup solution. Since you keep the keys, even though it's hosted in the cloud, SpiderOak has no way to decrypt your files should anyone hack in, or should the government come calling. It's now taken that approach to Semaphor, which obviously takes its inspiration from Slack (and feels quite similar), but with the same zero knowledge encrypted setup. You get a key and that encrypts all of the data in your group messaging.

There are some limitations there -- of course -- because any team member might leak their key (though whoever gets in would just have access to whatever that team member can see). And, because of this setup, it's not as easy to do "integrations" with third-party apps and services, which is a key selling point of Slack. Semaphor is apparently trying to work its way around this limitation by creating bots that act as their own users within Semaphor (something Slack has also), but where the bots themselves become the key to integrations. It's a bit more clumsy, but if it helps keep things secure, that seems promising.

SpiderOak also, kindly, makes the Semaphor client source code available for anyone to audit, which is necessary if anyone's going to take their encryption seriously. Of course, Semaphor is, like Slack, working off a Freemium model, where additional features require per user fees, which can add up. One nice feature of Semaphor that Slack doesn't have: the ability for individuals to pay their own way. That is, there are lots of Slack groups that are general interest groups around certain topics, and not a company's own internal group. Those groups are never going to use a paid option, because there's no "company" to pay for all users. Semaphor offers an alternative, where each user can just pay their own way -- which might be appealing to some user groups.

The other alternatives that have been getting some attention lately are a couple of attempts to basically create a truly open source Slack clone that can be self-hosted. The two big players here are Mattermost and RocketChat. Both have built open source, self-hosted Slack clones (and both try to make money by offering paid hosting for those who want it). Mattermost is quite upfront that it's building a Slack alternative -- it's all over its website -- though it also points out that it's tried to improve on some things in Slack. RocketChat doesn't seem to mention Slack, and, frankly, feels a bit behind Mattermost in development (though it also announced that it's about to run a Kickstarter campaign to jumpstart more development.

Now, whether or not a self-hosted open source alternative is more secure than Slack... may depend. If you're doing the self-hosted version then you're basically relying on your own ability to keep the implementation secure. That might work. Or, whoever you have securing your installation might not be as good or as responsive as, say, the security team at Slack. But, using an open source solution that you host obviously does provide you with a lot more control and the ability to make any changes you think are necessary.

As someone who talks quite frequently about how competition drives innovation, it's great to see all of this happening. I don't think any of them will harm Slack's place in the market, which has become pretty standard in a lot of companies, but as more and more companies are realizing that they need to really think through security of their communications tools, it's a very good thing to see competition popping up. Hopefully, these competitors get stronger as well, and help drive more overall innovation -- including the focus on security and encryption -- across the entire market.

Permalink | Comments | Email This Story
]]>well-this-could-get-interestinghttps://www.techdirt.com/comment_rss.php?sid=20160729/17552135109Tue, 10 May 2016 09:34:00 PDTWhy Encryption Bans Won't Work: Brazil Government's WhatsApp Block Just Sends Users To Other Encrypted PlatformsTim Cushinghttps://www.techdirt.com/articles/20160507/15124534374/why-encryption-bans-wont-work-brazil-governments-whatsapp-block-just-sends-users-to-other-encrypted-platforms.shtml
https://www.techdirt.com/articles/20160507/15124534374/why-encryption-bans-wont-work-brazil-governments-whatsapp-block-just-sends-users-to-other-encrypted-platforms.shtml
The battle against encryption being fought valiantly stupidly by the FBI, a few law enforcement figureheads, and a handful of legislators is an unwinnable war. Just ask Brazil, where the government has blocked WhatsApp repeatedly in an effort to force it to comply with demands for information. The problem is that WhatsApp now utilizes end-to-end encryption for all messages, meaning WhatsApp cannot provide any information about message content no matter how badly the Brazilian government wants it.

Several rival apps that offer encrypted messaging services reported a surge in Brazilian sign-ups, which highlights how the growing ubiquity of private messaging apps makes it hard to stop people from using them.

The same thing will happen with any of the proposed encryption bans currently making their way through various legislative entities. Bans have been proposed in both California and New York. If imposed, the only thing they'll guarantee is that locals will be purchasing phones in another state.

And those who don't feel comfortable with the end result of other efforts like Dianne Feinstein's will opt to use communication platforms/cell phone service providers who haven't caved to government demands that companies hold the encryption keys.

FBI director James Comey seems to believe he can make the world unite in the banning of encryption. This is apparently based on his abject failure to convince even a majority of US legislators that bans and backdoors are a good idea.

As long as there are options, people will seek them out. That's the only guaranteed outcome. And the more a government tries to clamp down, the further it separates itself from any usable information, like communications metadata and access to subscriber information. Once you've pushed citizens to using platforms located in other jurisdictions, your powers become severely diluted. It would be better to just accept the growing shift to encryption and explore other options that don't involve slamming your head repeatedly into an immovable force.

And, it must be pointed out that people have communicated securely for years without the government claiming it should have access to every private conversation and the contents of every mailed letter. Just because texting has replaced phone calls and letters doesn't mean the government is somehow entitled to this new wealth of communications. Just because it's easier to obtain in bulk doesn't mean it's the end of the investigative line when encryption takes that opportunity away. James Comey should stop worrying about the "smart people" in tech companies and spend more time with the "smart people" in law enforcement and find out why they're not doing more to alleviate the situation.

Permalink | Comments | Email This Story
]]>generating-more-business-for-competitorshttps://www.techdirt.com/comment_rss.php?sid=20160507/15124534374Mon, 2 May 2016 11:40:03 PDTOnce Again All Of Whatsapp Is Being Blocked In Brazil Because A Judge Is Upset It Won't Turn Over DataMike Masnickhttps://www.techdirt.com/articles/20160502/11312634324/once-again-all-whatsapp-is-being-blocked-brazil-because-judge-is-upset-it-wont-turn-over-data.shtml
https://www.techdirt.com/articles/20160502/11312634324/once-again-all-whatsapp-is-being-blocked-brazil-because-judge-is-upset-it-wont-turn-over-data.shtmlordered the app blocked entirely across Brazil, because Whatsapp has refused to provide data (which it likely does not have) to help out with a drug investigation. Any phone companies that don't block Whatsapp will be fined about $143,000 per day.

If this sounds familiar, it's because we went through this back in December in another case with another judge. And, of course, in March a Facebook (not Whatsapp) exec was arrested over a similar issue in a different case. When Whatsapp again refused to turn over information, because it could not, the judge had the exec arrested (another judge freed the exec pretty quickly).

Once again, Whatsapp points out that it's cooperated as much as possible:

“After cooperating to the full extent of our ability with the local courts, we are disappointed a judge in Sergipe decided yet again to order the block of WhatsApp in Brazil,” WhatsApp said in a statement. “This decision punishes more than 100 million Brazilians who rely on our service to communicate, run their businesses, and more, in order to force us to turn over information we repeatedly said we don’t have.”

The order is shutting down Whatsapp for 72 hours, but considering just how widely the app is used there (it is basically the way many Brazilians communicate) the impact is pretty massive. As Glenn Greenwald and Andrew Fishman over at the Intercept note, this is a ridiculous move that harms many people, but is also a sign of what's to come as governments continue to freak out over encrypted communications:

It is stunning to watch a single judge instantly shut down a primary means of online communication for the world’s fifth-largest country. The two Brazilian communication experts in the NYTwrote of the first WhatsApp shutdown: “the judge’s action was reckless and represents a potentially longer-term threat to the freedoms of Brazilians.” But there is no question that is just a sign of what is to come for countries far from Brazil: there will undoubtedly be similar battles in numerous countries around the world over what rights companies have to offer privacy protections to their users.

Permalink | Comments | Email This Story
]]>whats-up-brazil?https://www.techdirt.com/comment_rss.php?sid=20160502/11312634324Thu, 21 Apr 2016 06:26:50 PDTIndian Government Agencies Demand Access To WhatsApp Messaging GroupsTim Cushinghttps://www.techdirt.com/articles/20160419/11393534213/indian-government-agencies-demand-access-to-whatsapp-messaging-groups.shtml
https://www.techdirt.com/articles/20160419/11393534213/indian-government-agencies-demand-access-to-whatsapp-messaging-groups.shtml
Here comes the inevitable government backlash against WhatsApp rolling out end-to-end encryption for one billion users worldwide: if governments can no longer demand access to communications, the next best thing is to demand access to WhatsApp users.

According to India resident Prasanto K. Roy, local governments are demanding that administrators of WhatsApp groups (the latest beneficiaries of the encryption rollout) register with the local magistrate, and will apparently hold them accountable for any "irresponsible remarks" or "untoward actions" by members of the group.

The government's unsubtle man-in-the-middle approach to accessing WhatsApp communications also involves placing a literal government man in the middle, according to the Times of India.

The spokesperson also said that a government representative might also have to be added to the WhatsApp group as an admin. "If any government admin is present in a WhatsApp group, it will immediately prevent any sort of rumour-mongering," he said.

Whenever a government agency develops an overweening urge to curb "rumor-mongering," one can be sure that particular government is fucking something up somewhere. And, indeed, that is the case here.

The government had imposed a blackout on mobile internet in the troubled area after clashes between security forces and protestors claimed the lives of five people. The area had seen protests after the alleged molestation of a teenager by security personnel. The mobile internet blackout had been aimed at curbing the spread of potentially inflammatory messages that could spark further tension in the area.

It would seem to me the tension was created by the alleged molestation, the government's lack of interest in investigating/punishing the wrongdoer and the killing of five people. The government appears to be more interested in saving itself from its constituency, so the obvious move is to shut down any communication platform that it can't monitor or control. It can't kill WhatsApp, so it's demanding to be inserted into these conversations -- either directly or by lurking just offscreen whispering legal threats.

Not only that, but the quelling of dissent extends to the government itself. The flier also notes punishment awaits government employees who find the registration demand heavy-handed.

Govt. Employees serving in the district are directed to restrain from making any comments/remarks with regard to the policies and decisions of government on these WhatsApp groups running in the district and if anyone found involved in such activities, strict action will be initiated against them as required under rules.

Looking beyond this local dispute that has managed to drag in the world's most popular messaging service, one can see why it is essential that citizens have communication platforms that keep the government locked out. Encryption doesn't just "protect" criminals from law enforcement and innocent people from criminals. It also protects the innocent from their governments' self-serving overreach.

Permalink | Comments | Email This Story
]]>we-can't-have-people-bad-mouthing-the-government-and-getting-away-with-ithttps://www.techdirt.com/comment_rss.php?sid=20160419/11393534213Tue, 5 Apr 2016 14:01:00 PDTWhatsApp Finishes Rolling Out End-To-End Encryption; Now Covers Group Messages, MediaTim Cushinghttps://www.techdirt.com/articles/20160405/11382234111/whatsapp-finishes-rolling-out-end-to-end-encryption-now-covers-group-messages-media.shtml
https://www.techdirt.com/articles/20160405/11382234111/whatsapp-finishes-rolling-out-end-to-end-encryption-now-covers-group-messages-media.shtml
More good news on the secure communications front: WhatsApp has finally implemented full end-to-end encryption -- for everyone. Late in 2014, WhatsApp began rolling out its end-to-end encryption, but it was limited to one-to-one communications and did not cover messages containing media. Now, it's everything, including group messages.

This means that if any group of people uses the latest version of WhatsApp—whether that group spans two people or ten—the service will encrypt all messages, phone calls, photos, and videos moving among them. And that’s true on any phone that runs the app, from iPhones to Android phones to Windows phones to old school Nokia flip phones. With end-to-end encryption in place, not even WhatsApp’s employees can read the data that’s sent across its network.

Law enforcement -- particularly the Justice Department -- can't be pleased with this full implementation. Even if a warrant is obtained, WhatsApp cannot produce message content in response to these or other court orders. And from what we've seen, WhatsApp may be the next target of the FBI and its All Writs wrangling.

While this does have its implications for law enforcement in the US, it will likely have more of an impact in other nations where citizens are protected by fewer privacy-related rights -- which is where most of its users are located. Whether or not this will result in more futile arrests of Facebook execs remains to be seen.

As the messaging app's creators point out, even if you believe your government is basically good, you should still support (and use) encrypted communication options.

The argument can be made: Maybe you want to trust the government, but you shouldn’t because you don’t know where things are going to go in the future.”

As we've seen in the aftermath of the Paris and Brussels attacks, governments -- including their law enforcement agencies -- are often prone to expanding government power and weakening citizens' rights. It only takes one successful attack to send a nation down previously unimaginable paths. Might as well have your communications protected just in case. And, as for law enforcement's sudden "lack" of access? It might help to keep in mind that people chatted for hundreds of years without creating permanent records of their conversations and criminals were somehow still arrested and punished.

Permalink | Comments | Email This Story
]]>backdoors-salesmen-en-route-to-Congress-as-we-speakhttps://www.techdirt.com/comment_rss.php?sid=20160405/11382234111Tue, 22 Mar 2016 12:45:00 PDTTechdirt Podcast Episode 66: Why Are There So Many Messaging Companies?Leigh Beadonhttps://www.techdirt.com/blog/podcast/articles/20160322/11431433983/techdirt-podcast-episode-66-why-are-there-so-many-messaging-companies.shtml
https://www.techdirt.com/blog/podcast/articles/20160322/11431433983/techdirt-podcast-episode-66-why-are-there-so-many-messaging-companies.shtml
If you want to send someone a message online today, you've got a hell of a lot of options. Far from the erstwhile IM dominance of ICQ, today there are messaging platforms of every shape and size, a blurring of the lines between messaging and social media, and messaging components incorporated into almost everything. This week, we ask a simple question: why so many, and what are they all for?

Permalink | Comments | Email This Story
]]>the-medium-of-the-messagehttps://www.techdirt.com/comment_rss.php?sid=20160322/11431433983Fri, 29 Jan 2016 08:32:00 PSTISIS's Encrypted Messaging App Isn't Real; But Backdooring Encryption Still Won't Help The NSAMike Masnickhttps://www.techdirt.com/articles/20160128/15384633453/isiss-encrypted-messaging-app-isnt-real-backdooring-encryption-still-wont-help-nsa.shtml
https://www.techdirt.com/articles/20160128/15384633453/isiss-encrypted-messaging-app-isnt-real-backdooring-encryption-still-wont-help-nsa.shtmltheir very own encrypted messaging app, and highlighting how totally useless US laws requiring tech companies to backdoor encryption would be in that situation. However, it turns out that we should have been a lot more skeptical of the original report, coming from a single sourced security company. Over the years, we've learned that single-sourced security company claims are often highly suspect, and designed much more to get attention or increase FUD, than based on any real issue. The good folks over at Daily Dot are now reporting that this encrypted messaging app doesn't really appear to exist, and their investigation is pretty thorough and fairly convincing. Just like the claims that ISIS had a "training manual for encryption," this claim appears to be false.

That said, it still doesn't mean that ISIS is actually relying on encrypted apps that would be opened up by a US legal change requiring encryption backdoors. As we noted in our last post, research from the Open Technology Institute showed that almost all the popular encrypted communications app that were named as being used by ISIS were either open source or not maintained by a US company, meaning any such law would be basically meaningless to ISIS folks trying to communicate.

And given the open source nature of many of those apps, it wouldn't be surprising at all to find out that, eventually, someone forks an existing project to create a separate one relied on by ISIS. And none of that would be impacted by US laws anyway. So the only impact would be on weakening the safety and security of Americans who rely on encryption every day to keep themselves safe.

Permalink | Comments | Email This Story
]]>be-realhttps://www.techdirt.com/comment_rss.php?sid=20160128/15384633453Thu, 21 Jan 2016 10:37:55 PSTISIS Now Has Its Own Encrypted Messaging App; Doubt They'll Abide By Politicians' Demands For BackdoorsMike Masnickhttps://www.techdirt.com/articles/20160119/17575133381/isis-now-has-own-encrypted-messaging-act-doubt-theyll-abide-politicians-demands-backdoors.shtml
https://www.techdirt.com/articles/20160119/17575133381/isis-now-has-own-encrypted-messaging-act-doubt-theyll-abide-politicians-demands-backdoors.shtmlfor everyone, no one has explained how this will actually help in stopping terrorists from communicating secretly. Back in December, the Open Technology Institute released a paper that detailed how so many encrypted messaging systems were either open source or not controlled by US companies. It even took a WSJ report on the messaging apps that ISIS apparently was "recommending" to people and noted how most of them are not controllable by US laws:

And, of course, it should come as little surprise that some security folks are reporting that they've spotted a new secure messaging app that appears to have been created by ISIS itself:

ISIS has a new Android app for exchanging secure messages, joining another app that distributes propaganda and recruiting material, according to a counterterrorism network called the Ghost Security Group.

While the report notes that the app is "rudimentary" that doesn't mean it won't be improved over time. But, more importantly, it highlights that efforts to backdoor or undermine encryption on American companies certainly won't do a damn thing to stop ISIS from communicating securely. Yes, some will argue that ISIS' homegrown encrypted messaging apps are probably much more vulnerable to NSA cracking, but it still doesn't change the fact that demanding backdoors into US companies messaging systems won't magically lead to uncovering ISIS communications. It will just make Americans less secure.

Permalink | Comments | Email This Story
]]>just-saying...https://www.techdirt.com/comment_rss.php?sid=20160119/17575133381Mon, 31 Aug 2015 12:45:00 PDTMoral Panics And How 'The Kids These Days' Adapt: From Facebook 'Permanence' To Snapchat's 'Impermanence'Mike Masnickhttps://www.techdirt.com/articles/20150826/17101432074/moral-panics-how-kids-these-days-adapt-facebook-permanence-to-snapchats-impermanence.shtml
https://www.techdirt.com/articles/20150826/17101432074/moral-panics-how-kids-these-days-adapt-facebook-permanence-to-snapchats-impermanence.shtmlwrote about an old moral panic in the NY Times from 1878 about two Thomas Edison inventions, the phonograph and the aerophone (basically a broadcasting system for the phonograph). It's somewhat hilarious to read these days:

Recently he invented the phone- graph, a machine that catches the lightest whisper of conversation and stores it up, so that at any future time it can be brought out, to the confusion of the original speaker. This machine will eventually destroy all confidence between man and man, and render more dangerous than ever woman's want of confidence in woman. No man can feel sure that wherever he may be there is not a concealed phonograph remorseless gathering up his remarks and ready to reproduce them at some future date. Who will be willing, even in the bosom of his family, to express any but most innocuous and colorless views and what woman when calling on a female friend, and waiting for the latter to make her appearance in the drawing-room, will dare to express her opinion of the wretched taste displayed in the furniture, or the hideous appearance of the family photographs ? In the days of persecution and it was said, though with poetical exaggeration, that the walls had ears.

Thanks to Mr. Edison's perverted ingenuity, this has not only become a literal truth, but every shelf, closet, or floor may now have its concealed phonographic ears. No young man will venture to carry on a private conversation with a young lady, lest he should be filling a secret phonograph with evidence that, in a breach of promise suit, would secure an immediate verdict against him, and our very small-boys will fear to express themselves with childish freedom, lest the phonograph should report them as having used the name of "gosh," or as having to "bust the snoot" of the long-suffering governess.

Beware! And, just a few days ago, someone on Twitter (I fear I can't find the tweet now) pointed me to this story from last year in the Atlantic, highlighting a similar moral panic in the NY Times, twenty years earlier, about this horrible device known as the telegraph. You see, it spreads information so quickly, we'll barely have time to think:

"Superficial, sudden, unsifted, too fast for the truth, must be all telegraphic intelligence. Does it not render the popular mind too fast for the truth? Ten days bring us the mails from Europe. What need is there for the scraps of news in ten minutes? How trivial and paltry is the telegraphic column?"

And, of course, things are little different today when it comes to new technologies. In fact, you could take the quotes above from the 19th Century NY Times and with very few changes, likely have them apply to modern internet services and social media -- and they would be little different from some of the stories that you do see in the press today.

And, just as was true of those two stories above, it turns out that the fearmongering is way off base, and the ability of people to adapt and change grows. Take the fears over Facebook, for example. Just five years ago, in 2010, the NY Times Magazine warned us all about the perils of the internet remembering everything we've ever done, and how you'll never be able to rid yourself of such a "permanent record." It discusses previous moral panics about the privacy impacts of certain technologies, but then pulls out the "but this time, it's different" card.

Technological advances, of course, have often presented new threats to privacy. In 1890, in perhaps the most famous article on privacy ever written, Samuel Warren and Louis Brandeis complained that because of new technology — like the Kodak camera and the tabloid press — “gossip is no longer the resource of the idle and of the vicious but has become a trade.” But the mild society gossip of the Gilded Age pales before the volume of revelations contained in the photos, video and chatter on social-media sites and elsewhere across the Internet. Facebook, which surpassed MySpace in 2008 as the largest social-networking site, now has nearly 500 million members, or 22 percent of all Internet users, who spend more than 500 billion minutes a month on the site. Facebook users share more than 25 billion pieces of content each month (including news stories, blog posts and photos), and the average user creates 70 pieces of content a month. There are more than 100 million registered Twitter users, and the Library of Congress recently announced that it will be acquiring — and permanently storing — the entire archive of public Twitter posts since 2006.

The author, Jeffrey Rosen, declares this a "collective identity crisis":

As social-networking sites expanded, it was no longer quite so easy to have segmented identities: now that so many people use a single platform to post constant status updates and photos about their private and public activities, the idea of a home self, a work self, a family self and a high-school-friends self has become increasingly untenable. In fact, the attempt to maintain different selves often arouses suspicion. Moreover, far from giving us a new sense of control over the face we present to the world, the Internet is shackling us to everything that we have ever said, or that anyone has said about us, making the possibility of digital self-reinvention seem like an ideal from a distant era.

Concern about these developments has intensified this year, as Facebook took steps to make the digital profiles of its users generally more public than private. Last December, the company announced that parts of user profiles that had previously been private — including every user’s friends, relationship status and family relations — would become public and accessible to other users. Then in April, Facebook introduced an interactive system called Open Graph that can share your profile information and friends with the Facebook partner sites you visit.

There are plenty more stories like this. Stories about how difficult it will be for the "Facebook generation" to run for office, given that all their childish antics will be online. Or stories about how people are living too much through their Facebook feeds, rather than just experiencing life.

And yet... people have a way of adapting. Venture capitalist Adam Besvinick, recently noticed that, in talking to recent college grads, they actually were having the opposite experience of what everyone was fretting about just a few years ago. And that's because they all started using Snapchat rather than Facebook for such things:

Interesting recurring sentiment from recent grads: We lived most of our college lives on Snapchat—now we don't have any "tangible" memories.

He later notes that some of those grads are now regretting that they don't have much tangible to hold onto about those memories. And, yes, as I'm sure someone is rushing to point out in the comments, Snapchat's "disappearing" images and videos don't really disappear, and they can (and often are) saved. But many are not. And they go away. And, yes, that's kind of like things were in the past, when people just experienced things, rather than share them all.

But it's important to note that everything adapts. Kids adapt. New services adapt. Societal norms and culture adapt. And things don't turn into some dystopian nightmare that some worry about.

So many people look at these new services and react with outrage because they're different, and because they're different and will create different kinds of experiences, they must be bad. But history has shown that people are pretty damn resilient, and are pretty good at figuring out how to do things in a way that best suits them. And some will fail. And some will make mistakes. But it's hardly a crisis deserving of a moral panic. These things seem to take care of themselves pretty well -- and then people start worrying about the opposite (e.g. not enough permanence) as compared to the original moral panic (e.g. too much permanence).

Permalink | Comments | Email This Story
]]>things-change,-people-adapthttps://www.techdirt.com/comment_rss.php?sid=20150826/17101432074Fri, 8 May 2015 15:39:53 PDTPrison Messaging Service No Longer Claims It 'Owns' All Of Your CommunicationsMike Masnickhttps://www.techdirt.com/articles/20150508/14152030939/prison-messaging-service-no-longer-claims-it-owns-all-your-communications.shtml
https://www.techdirt.com/articles/20150508/14152030939/prison-messaging-service-no-longer-claims-it-owns-all-your-communications.shtmlflat out own any content that anyone sent through its service. While the company itself did not appear to be doing stupid things to enforce this, this clause did allow prison guards to put one prisoner in solitary confinement after his sister posted a video he had sent via JPay to social media. The prison claimed it was doing so to protect JPay's intellectual property.

It has recently come to our attention that there is language in our Terms of Service that impacts our customers and their families. The language states that JPay owns all content transmitted through our Email, VideoGram and Video Visitation services. Our intention was never to take ownership and profit in any way from our customers’ content. That is not and has never been JPay’s business and we have removed this language from our Terms of Service. From its inception, JPay has pledged to make our customers our top priority and we will continually strive to meet this pledge as best and as quickly as we can.

Maass is suggesting that they take it a step further and ask prison officials not to punish inmates who use their system, claiming that it's to protect JPay's intellectual property.

Permalink | Comments | Email This Story
]]>good-for-themhttps://www.techdirt.com/comment_rss.php?sid=20150508/14152030939Wed, 6 May 2015 11:38:00 PDTPrison 'Enforces' Messaging Company's 'IP' Rights By Sending Prisoner To SolitaryMike Masnickhttps://www.techdirt.com/articles/20150505/17354330895/prison-enforces-messaging-companys-ip-rights-sending-prisoner-to-solitary.shtml
https://www.techdirt.com/articles/20150505/17354330895/prison-enforces-messaging-companys-ip-rights-sending-prisoner-to-solitary.shtmlmassive boondoggle for the companies providing those services. Talk about a "captive market." And the companies take advantage of that with absolutely insane rates for things like phone service, some of which became news not too long ago when an expert in this area estimated that the Serial podcast probably had a $2,500 phone bill for its 40 hours of calls with Adnan Syed.

But, of course there are other ways to gouge someone beyond just money. And, as the EFF's Dave Maass has discovered, one major service provider in the space, JPay, forces any user to sign over all rights to any content sent via its system. The company is pretty explicit about this. In the "email" portion of its lengthy terms of service (you have to (1) have javascript enabled and (2) click on the email link to get these to show up), it notes the following:

If you can't read that, it says:

INTELLECTUAL PROPERTY RIGHTS. You acknowledge that JPay owns all right, title and interest in and to the Service, including without limitation all intellectual property rights (the “JPay Rights“), and such JPay Rights are protected by U.S. and international intellectual property laws. Accordingly, you agree that you will not copy, reproduce, alter, modify, or create derivative works from the Service. The JPay Rights include rights to (i) the Service developed and provided by JPay; and (ii) all software associated with the Service.

You also acknowledge that JPay owns all of the content, including any text, data, information, images, or other material, that you transmit through the Service.

There is a similar clause under the "video visitation" terms of service as well, noting that JPay owns those videos as well.

Now, you can understand JPay claiming IP rights on the service itself. But it's that second paragraph that's insane. Just to use the service, you are saying that JPay owns anything you send via the service. Anything. Maass points out this means that if a child sends a drawing to an incarcerated parent, JPay claims it owns the copyright on that drawing. Or, going back to Serial, all of those recorded calls with Adnan Syed? Well, if it had been done via JPay's system, under those terms, JPay could (theoretically) claim a copyright interest in the recordings, and thus argue that Serial was infringing.

That might be (or might not be) a far-fetched scenario. But there are some very real world scenarios that are coming out as a result of this mess. You may recall a post we did back in February (also based off of excellent work by Maass), highlighting how the South Carolina Department of Corrections was adding new level 1 felony charges to anyone using social media while in prison. This resulted in some prisoners being given multiple years of solitary confinement for merely posting to Facebook.

Maass highlights a case where prison officials similarly punished a convict who recorded a video message via JPay, urging supporters to come to a hearing in his appeal effort. When asked why the guy had lost a bunch of his rights and was put in solitary confinement, the prison said it was merely enforcing JPay's intellectual property rights, even if the company didn't appear to complain about this at all (and, in fact, encouraged people to share the videos created under its system):

Valeria Buford has been running an Internet campaign to get her brother Leon Benson’s murder conviction overturned. In August 2014, Benson used JPay to record a 30-second videogram thanking his supporters and asking them to attend an upcoming hearing in his appeal. Buford posted this to Facebook, but when prison staff discovered it, Buford’s JPay access was suspended and, according to the Indianapolis Star, Benson was disciplined, sent to solitary confinement, and stripped of good-time days. To justify the discipline, they claimed that they were simply enforcing JPay’s intellectual property rights and terms of service.

[....] According to court records, JPay told Buford directly that she was free to do what she liked with the videogram, including posting it to social media

Oh, and the reason there are court records on this is because Buford is suing, arguing that this whole thing violated her own First Amendment rights:

Buford is currently suing the Indiana Department of Corrections with the help of the American Civil Liberties Union of Indiana. Although Buford’s JPay access has since been restored, she argues that her First Amendment rights are chilled because she “continues to face loss of her ability to communicate with her brother through [JPay] if she so much as posts an internet message from him.”

But, as Maass notes, JPay could help out by doing something rather basic here: changing its own terms of service to not claim ownership over all content sent via the system, so that the prison can no longer use that as a bogus excuse to strip prisoners of service just for speaking out.

Permalink | Comments | Email This Story
]]>intellectual-property-gone-madhttps://www.techdirt.com/comment_rss.php?sid=20150505/17354330895Tue, 18 Nov 2014 14:46:00 PSTGood News: WhatsApp Gets Serious About End To End EncryptionMike Masnickhttps://www.techdirt.com/articles/20141118/12280429183/good-news-whatsapp-gets-serious-about-end-to-end-encryption.shtml
https://www.techdirt.com/articles/20141118/12280429183/good-news-whatsapp-gets-serious-about-end-to-end-encryption.shtmlgood news to see companies like Google and Apple finally taking end user encryption seriously, and it appears that's spreading. The super-popular chat messaging app WhatsApp, which was acquired by Facebook not too long ago, just turned on full end-to-end encryption, powered by Open Whisper Systems, the makers of such great tools as TextSecure, which is the basis for the new encryption:

The most recent WhatsApp Android client release includes support for the TextSecure encryption protocol, and billions of encrypted messages are being exchanged daily. The WhatsApp Android client does not yet support encrypted messaging for group chat or media messages, but we’ll be rolling out support for those next, in addition to support for more client platforms. We’ll also be surfacing options for key verification in clients as the protocol integrations are completed.

WhatsApp runs on an incredible number of mobile platforms, so full deployment will be an incremental process as we add TextSecure protocol support into each WhatsApp client platform. We have a ways to go until all mobile platforms are fully supported, but we are moving quickly towards a world where all WhatsApp users will get end-to-end encryption by default.

It sounds like this project started prior to the Facebook acquisition, so it's great to see it continue to move forward either way. Just recently, the EFF rated various messaging apps for their security (which resulted in some controversy...), and WhatsApp didn't score all that well, while TextSecure got a perfect score. Making messaging more and more secure is incredibly important, so it's great to see it happening here.

Permalink | Comments | Email This Story
]]>good-to-seehttps://www.techdirt.com/comment_rss.php?sid=20141118/12280429183Thu, 10 Apr 2014 05:20:02 PDTFresh Off Being Called Out For Collusion, Legacy Music Industry Players Cite Need For Greater Collusion On Political FrontMike Masnickhttps://www.techdirt.com/articles/20140404/12463926803/fresh-off-being-called-out-collusion-legacy-music-industry-players-cite-need-greater-collusion-political-front.shtml
https://www.techdirt.com/articles/20140404/12463926803/fresh-off-being-called-out-collusion-legacy-music-industry-players-cite-need-greater-collusion-political-front.shtmlcollusive behavior by music publishing companies, led by ASCAP, to try to screw Pandora out of higher rates. A judge called them out for it and rejected their plan (though, with little in the way of other punishment). However, apparently the publishers and other parts of the legacy recording industry seem to think that in order to move the political debate forward, they need to all get on the same page concerning the story they tell to Congress.

Yes, despite all the statements since the death of SOPA about how the legacy players in the music industry have given up on legislation, that's bogus. Instead, they're trying to team up and get their story straight about what kind of legislation they want:

When it comes to the music industry’s lobbying efforts in Washington, it is time for some harmony.

That message has gained momentum among music executives, who worry that squabbling among the various players — record labels, music publishers, artists, songwriters — will undermine broader initiatives to push for new legislation and regulatory reform.

[....]

Music groups are pushing for a range of new laws and regulations that they believe are vital to help their businesses survive in the digital era. But the interests of these parties do not always align.

Oh, and don't expect any of this new "sing from the same songbook" effort to include actually working with fans to understand what they want, or with innovators to understand how these legacy players might embrace the future to improve their business. Instead, it's all about playing hardball politics to try to use new laws to prop up old business models. The article notes that the defeat of SOPA was a wake-up call to the various parts of the music industry to work together to stop "the increasing influence" from technology companies.

Of course, they're just playing the same old game: lobby, rather than innovate. Collude, rather than compete. It's an old strategy that worked for decades, but seems much less likely to work these days. That was the lesson of SOPA, but it appears that the legacy players still don't get it.

Permalink | Comments | Email This Story
]]>yeah,-that'll-do-ithttps://www.techdirt.com/comment_rss.php?sid=20140404/12463926803Mon, 9 Dec 2013 17:00:00 PSTDailyDirt: Technology Is Changing The Way We Talk Because Internetz, LOLMichael Hohttps://www.techdirt.com/articles/20110909/04235715874/dailydirt-technology-is-changing-way-we-talk-because-internetz-lol.shtml
https://www.techdirt.com/articles/20110909/04235715874/dailydirt-technology-is-changing-way-we-talk-because-internetz-lol.shtmldefinitions of words, so it's not too hard to find examples of changes in communication technologies altering how we use words. Text messages on phones have made us lazy to spell words correctly or to spell out entire words or common phrases. Language is inherently flexible, and here are just a few ways some parts of our language have changed.

If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post via StumbleUpon.

Permalink | Comments | Email This Story
]]>urls-we-dig-uphttps://www.techdirt.com/comment_rss.php?sid=20110909/04235715874Thu, 5 Dec 2013 10:01:26 PSTThe IRS And SEC Want To Snoop Through Your Email Without A Warrant; Don't Let ThemMike Masnickhttps://www.techdirt.com/articles/20131205/09442825467/irs-sec-want-to-snoop-through-your-email-without-warrant-dont-let-them.shtml
https://www.techdirt.com/articles/20131205/09442825467/irs-sec-want-to-snoop-through-your-email-without-warrant-dont-let-them.shtmlECPA reform -- which is the incredibly outdated "electronic communications privacy act" which actually makes sure that you have less privacy than other forms of communication. This isn't necessarily on purpose, but because the law was written in the mid-1980s when email itself was a relatively new concept. It includes some bizarre distinctions between opened and unopened emails and if a message has been "left on a server" for more than 180 days (at which point it's considered "abandoned" and not subject to a warrant). Obviously it never anticipated the kind of internet we have today. It also goes against basic 4th Amendment principles and treats electronic messages differently from physical messages.

There actually is a fair bit of support in both Congress and the White House to fix this... if we can get enough public support behind it, which includes getting more people to sign this petition. As with SOPA, there's a strong suggestion that if this petition tips the scales at 100,000, we can get the White House to come out in favor of ECPA reform.

What's standing in the way? Well, a bunch of government agencies, honestly. There are the obvious ones like the DOJ and DHS. That's to be expected. They always want to make it easier to snoop through emails and written communications. But apparently some of the strongest voices trying to block ECPA reform within the government are coming from the SEC and the IRS, because they too see plenty of advantages in trying to snoop through emails without having to take the trouble of getting a warrant.

As I write this, I'm participating in a Reddit AMA (Ask Me Anything) with Chris Calabrese from the ACLU, Mark Stanley from the Center for Democracy and Technology and Julian Sanchez from the Cato Institute. This coincides with a day of action involving a bunch of companies and organizations trying to get more people to speak out on the importance of ECPA reform. And, finally, the folks at TechFreedom have put together a great infographic, which we've also embedded below.

Permalink | Comments | Email This Story
]]>speak-up,-fix-ecpahttps://www.techdirt.com/comment_rss.php?sid=20131205/09442825467Mon, 1 Oct 2012 17:00:00 PDTDailyDirt: Make The Logos Bigger, BetterMichael Hohttps://www.techdirt.com/articles/20101007/10185011324/dailydirt-make-logos-bigger-better.shtml
https://www.techdirt.com/articles/20101007/10185011324/dailydirt-make-logos-bigger-better.shtmlre-designs are more successful than others. Here are just a few interesting logo collections of some branding campaigns that you might recognize.

If you'd like to read more awesome and interesting stuff, check out this unrelated (but not entirely random!) Techdirt post.

Permalink | Comments | Email This Story
]]>urls-we-dig-uphttps://www.techdirt.com/comment_rss.php?sid=20101007/10185011324Mon, 1 Nov 2010 08:26:33 PDTGoogle Sues The US Government For Only Considering Microsoft SolutionsMike Masnickhttps://www.techdirt.com/articles/20101030/23442911657/google-sues-the-us-government-for-only-considering-microsoft-solutions.shtml
https://www.techdirt.com/articles/20101030/23442911657/google-sues-the-us-government-for-only-considering-microsoft-solutions.shtmlEric Goldman alerts us to the interesting bit of news that Google has sued the US government -- specifically the Department of the Interior, for not seriously considering Google Apps when it put out a Request for Quotation (RFQ) to handle its messaging needs. Specifically, the DOI stated upfront in the RFQ that the solution had to be part of the Microsoft Business Productivity Online Suite. Google is making the argument that this is "unduly restrictive of competition," and it seems like they've got a decent argument there.

Most of the lawsuit details the history of meetings and conversations between Google and the DOI, where Google sought to convince the DOI that its solution was acceptable. The DOI justified limiting its offerings to Microsoft, by saying that Microsoft had two things that other solution providers did not: unified/consolidated email and "enhanced security." Google disputes this (not surprisingly) and notes various problems with Microsoft solutions -- including well reported downtime issues. Google protested the RFQ when it was released, but the GAO dismissed Google's protest saying that since Google does not have a GSA schedule contract (i.e., what you need to sell to the gov't), it was "not an interested party." Anyway, should make for an interesting lawsuit if it goes anywhere...

Permalink | Comments | Email This Story
]]>hubrishttps://www.techdirt.com/comment_rss.php?sid=20101030/23442911657Tue, 24 Jun 2008 17:53:03 PDTTwitter As An Emergency Broadcast System? Doesn't It Have To Work Regularly First?Mike Masnickhttps://www.techdirt.com/articles/20080624/0231161490.shtml
https://www.techdirt.com/articles/20080624/0231161490.shtmlalert people that he had been arrested interesting, it does seem like a bit of a stretch to then say that it makes sense to create an emergency alert system via Twitter. Though it has some potential to be powerful, an emergency alert system needs to be reliable -- and Twitter is rather infamous for its pretty regular downtime.

Permalink | Comments | Email This Story
]]>just-saying...https://www.techdirt.com/comment_rss.php?sid=20080624/0231161490Tue, 5 Feb 2008 09:20:47 PSTThe True Cost Of SMS Won't Matter Much As Mobile Devices AdvanceTom Leehttps://www.techdirt.com/articles/20080129/102107109.shtml
https://www.techdirt.com/articles/20080129/102107109.shtmlSlashdot linked to an entertaining analysis of the cost of SMS messages. Noting that many carriers are raising their SMS prices despite increasing demand for the service — demand which should be spurring competition — the author of the post figures out the number of bits in a text message and concludes that transmitting data by SMS is about 15 million times more expensive than doing so over a commodity internet connection.

But of course this isn't really a fair comparison. A commodity internet connection doesn't afford the ubiquity that a cellular network does. Comparing the data rate and price of voice traffic is probably more instructive (although the two types of messages are admittedly not transmitted in the same manner across the network). Taking AT&T's overage charge of $0.45 cents/minute and 13kbps as a plausible bitrate for a GSM call, my calculator says that SMS data is a mere 316% more expensive than voice traffic.

That's still not great, though. And there's no question that SMS prices are going up even farther — in the past year or so the Consumerist blog has been full of posts encouraging various carriers' users to escape their contracts thanks to those contracts' newly-increased SMS fees. It's an unfortunate situation: very few consumers select a carrier on the basis of its SMS offerings, and few will leave their carrier over them, either, blunting the consumer response to price increases. Plus, as the technology has gained popularity the mobile operators have lost the need to encourage its adoption through cheap rates. It's not very surprising to see them conclude that the most profitable price point for SMS is higher than the one they had been offering.

Fortunately for the rest of us, this state of affairs doesn't seem likely to last much longer. Although there's little reason to have faith in the mobile market's ability to bend the carriers to consumers' will, new technologies are going to inevitably dry up the SMS bonanza. We're on the verge of the iPhone SDK's release, and Google's Android seems likely to find its way into many cheaper handsets. These and other technologies mean that the average customer will have access to bulk data services on their handset soon if they don't already. And once bulk data can be consumed, so many options for short message communication become available that SMS's specialized role will disappear almost immediately. Between web interfaces, widgets, IM clients and email apps, there are a vast number of ways to send short strings of text. Services like Twitter that offer a variety of input modalities will no doubt help to stitch together this looming surplus of communication options.

Given how few bits are required to transmit those messages (and the generic nature of those bits), there'll be no way for the carriers to keep short message transmission as expensive as it currently is — not without without pricing web browsing, email and other mobile data services into oblivion. I wouldn't expect SMS to disappear, but it seems safe to assume it'll start getting cheaper soon.